For those of you who are also deep into Windows #reverseengineering, #bootloaders, and #WinDbg: My first blog post on researching the Windows driver load order and all its quirks is out, beginning with some WinDbg fundamentals: https://colinfinck.de/posts/nt-load-order-part-1/

The TikTok ban, the Musk Twitter takeover, the Facebook moderation policy changes, the Republicans’ rapidly intensifying crackdowns on speech... let these be the proof you needed to move anything you care about online to a space you control.

Digital sovereignty is more important than ever.

#DigitalSovereignty

ROFLMAO.

Claude decided to crawl one of the sites on my new server, where known bots are redirected to an iocaine maze. Claude has been in the maze for 13k requests so far, over the course of 30 minutes.

I will need to fine tune the rate limiting, because it didn't hit any rate limits - it scanned using 902 different client IPs. So simply rate limiting by IP doesn't fly. I'll rate limit by (possibly normalized) agent (they all used the same UA).

Over the course of this 30 minutes, it downloaded about ~300 times less data than if I would've let it scrape the real thing, and each request took about the tenth of the time to serve than the real thing would have. So I saved bandwidth, saved processing time, likely saved RAM too, and served garbage to Claude.

Job well done.

I knew #AI would come for all our jobs eventually, but I really thought that Holocaust denial would be safe for a little while longer.

https://futurism.com/the-byte/ai-anne-frank-blame-holocaust

Also for your mental health, I recommend never reading the source code for the various implementations of mktime() and strptime(). The authors really try their best, but on reading that, you worry how anything ever works. https://github.com/bminor/glibc/blob/master/time/mktime.c

Okay this is wild: I just noticed that changing 'PasswordAuthentication' to 'no' in /etc/ssh/sshd_config is no longer enough to disable password authentication in #ubuntu. That's because Ubuntu Server now by default creates a sshd_config.d/50-cloud-init.conf file which contains 'PasswordAuthentication yes' which takes priority over sshd_config.

I would've unknowingly left password auth on if I hadn't double checked.

Why?

More: https://askubuntu.com/questions/1516262/why-is-50-cloud-init-conf-created

#security #linux #server #ubuntuserver

So how hard could it be to convert `Fri, 17 Jan 2025 06:07:07` in UTC into a UNIX epoch time_t timestamp, in C or C++? Quite hard. Many things that you'd think would work actually don't. Here I present solutions (with running code), and a little tour through 'struct tm', 'time_t', 'mktime' and 'strptime':

https://berthub.eu/articles/posts/how-to-get-a-unix-epoch-from-a-utc-date-time-string/

New blog post https://blog.cr.yp.to/20250118-flight.html "As expensive as a plane flight: Looking at some claims that quantum computers won't work." #quantum #energy #variables #errors #rsa #secrecy

Technology has taken away our community events by making media available on demand, and our interpersonal connections, by first replacing our phone books with social media, and then ruining social media.

There is a massive community and authenticity gap in modern society that most people are even failing to notice, let alone articulate.

This comic is thirty years old and could be published verbatim today (give-or-take replacing "talk radio show" with "podcast")

Snyk publishes malicious packages to the public NPM registry.
I'm no expert on ethics, but I believe that this is... frowned upon?

https://sourcecodered.com/snyk-malicious-npm-package/
https://news.ycombinator.com/item?id=42690473
https://snyk.io/blog/snyk-security-labs-testing-update-cursor-com-ai-code-editor/

"Norway is sounding the alarm after discovering that Russia is no longer only disrupting the Global Navigation Satellite Systems (GNSS) across the border, but also spoofing GPS signals, an attack that can cause significant disruption to commercial aviation."

"We were spoofed on approaching Kirkenes today”
https://www.thebarentsobserver.com/news/we-were-spoofed-on-approaching-kirkenes-today/423323

In 1h, I’ll do a livestream about JavaScript in PDFs.
A bit about standard JS triggers that is seen in exploits, but also a few simple PDF games.
https://www.youtube.com/live/xZPK04a5ltc?si=_3sz9aEEfDT90-da

Whether you think capitalism is the source of all problems, believe free markets the solution to all problems, or are somewhere on the spectrum, it's important to understand when, where, and why markets work.

Disclaimer: This post contains numerous oversimplifications but character limit here is 11,000, not the 110,000 needed to do the topic justice.

Markets are an example of the category of system I find fascinating: complex systems built from individual actors performing simple local tasks that have emergent properties that are useful. Ants finding food and birds flocking are examples of the same kind of thing.

ASIDE: AI grifters love to talk about 'emergent properties' of their systems. When they do, you should understand 'emergent property' to mean 'some behaviour that we didn't intend, don't understand, and that might go away in a future version'.

Designing systems to have desirable emergent properties is really hard. A lot of engineering is about trying to avoid having any emergent properties because we still don't have good tools for reasoning about them. Emergent properties are why the bridge opposite Tate Modern had to be closed: individually, each component was fine, but assembled together they each contributed to a resonance when people walked across the bridge at a normal walking speed that could have broken the bridge.

Markets are something of a special case in that they are a single system that has been studied for over two hundred years and so there are things that we know about markets that may not generalise to other systems with emerging properties.

Markets are trying to solve the problem of resource allocation. Typically this is in a real-world setting, though there have been some interesting papers using markets for scheduling (especially distributed scheduling) in computing systems.

Trying to efficiently allocate resources across an entire economy is really hard. The Soviets tried it with central planning and it did not go well. Central planning requires global knowledge of a system. If you're trying to schedule tasks on a CPU, you probably know how many cores you have and how fast they are, but even then you don't have full knowledge of how long each task needs and what the dependencies are. A country's economy is so much more complicated than this that it's hard to even imagine that they're the same problem. And things change quickly, which requires re-planning.

The idea of a market is that each participant has some resources that they can trade. If they make good decisions, they will be able to make more trades. How do you know it's a good trade?

This is where the first kind of common failure happens. Imagine you go to buy apples. One seller has fresh apples, the other has rotten apples. Obviously, you pick the one selling fresh apples. Now imagine that the apples are sold in opaque boxes with photos of fresh apples on the outside. As a consumer, you don't have enough information to be able to choose, so you will get it wrong half the time. You may be able to learn that oen seller has a bad reputation, but what if there are ten sellers and they all send a different representative and use a different trading name every week? Markets do not work unless customers have good information. It doesn't have to be complete information, but it has to be enough to make an informed purchasing decision. Data-harvesting companies such as Meta, for example, rely on people not being able to reason about the costs of their products and make good cost-benefit calculations.

Regulations help to redress this kind of failure. Without regulation, markets often stop behaving like markets.

If two apple sellers have equivalent quality (their goods are commodities: either can be substituted for the other) then they can compete only on price. If you sell your apples for less than the other person's apples, then you will sell more. To compete, they have to lower prices. Eventually, they reach a point where they cannot sell and make money so they do not lower them further. The price of apples converges on slightly more than the price of producing apples and the inefficient sellers go out of business.

The next common failure in markets comes because they don't account for externalities. If I'm dumping waste in the local river and you're disposing of it responsibly, my costs are lower because other people who live downstream from me are paying a lot of mine. This is a big part of the reason manufacturing moved to China: cheap labour helped, but being able to bribe officials to let you dump toxic waste anywhere made manufacturing a lot cheaper. The PRC started decapitating people who took that kind of bribe a few years ago, so it's a bit harder than it was, but any market that doesn't account for externalities will end up optimising well, but for the wrong thing. See also: fossil fuels, leaded petrol, CFCs in aerosols, and so on.

If you're an apple seller, you might realise that you can make an agreement with your competitors not to lower prices and then you all make money. You form a cartel. After a while, you realise you could make more money if you all raise prices together. Everyone wins (except your customers). Again, regulation helps here. The 20th century came with a lot of antitrust laws to prevent this kind of things (the history of it in the US is fascinating: the earliest antitrust law was passed because someone managed to get a monopoly on onions and some of the later laws are little changes that say 'this, but for commodities that are not just onions').

If you can lock people into your ecosystem, for example by having a stupid document format that is tied to the implementation details of your word processor that no one can replicate, you can prevent people from exercising choice. This, again, means that a thing that looks like a market doesn't behave like one.

Most recently, I've seen a lot of examples of a kind of market failure that is less-often mentioned in economics books: when people who make bad decisions are insulated from the outcomes of their choices.

A market works, in part, by ensuring that people who routinely make poor choices have less capital left and so their subsequent choices have less impact. But if you're a bank that causes a financial crisis and the government bails you out, this doesn't happen. If you're an investor in a privatised water company and the water company is asset stripped and you take home a load of money while the company fails, you don't lose out and can make more investments. If you're a person with a net worth of over a hundred billion dollars, you can make investments of billions of dollars that are really stupid and have a massive impact on the market that you put the money in, but are isolated (this is closely related to the cross-subsidy problem that some antitrust law covers, but it never considers the case where the investor is an individual). You can address this with wealth taxes and banking regulations, but most of those were repealed in the '80s and '90s.

There are a lot of other ways that markets can fail. I really like the idea of markets, but making them work well requires a lot of intervention. They have a habit of decaying to oligopoly without constant nudging. When they work, they do better than anything else that we've tried. When they collapse, they work about as well as having a small aristocracy centrally assign resources (ask the French how well that worked in the late 1700s).

I am so excited to finally show you the stable alpha of Venture, a cross-platform GUI for parsing Windows Event Logs!

https://github.com/mttaggart/venture

Venture was developed with support from my employer with the intent of creating an open source tool for all. Thank you, UCLA Health!